Tuesday, 2025-04-29

cardoe	We've spoken before about seperate service accounts per service. Do we have a spec around that and achieving that?	02:05
frickler	cardoe: the best I have is this spec-in-code I guess https://review.opendev.org/c/openstack/devstack/+/923944/4/lib/keystone	08:07
opendevreview	Ivan Anfimov proposed openstack/openstack-manuals master: install-guide: 2023.2 Bobcat to End of Life https://review.opendev.org/c/openstack/openstack-manuals/+/948425	11:49
opendevreview	Ivan Anfimov proposed openstack/openstack-manuals master: install-guide: 2023.2 Bobcat to End of Life https://review.opendev.org/c/openstack/openstack-manuals/+/948425	11:50
opendevreview	Ivan Anfimov proposed openstack/openstack-manuals master: OpenStack packages for RHEL and CentOS - Maintained Releases https://review.opendev.org/c/openstack/openstack-manuals/+/948426	11:53
opendevreview	Ivan Anfimov proposed openstack/openstack-manuals master: OpenStack packages for RHEL and CentOS - Maintained Releases https://review.opendev.org/c/openstack/openstack-manuals/+/948426	11:57
opendevreview	Ivan Anfimov proposed openstack/openstack-manuals master: OpenStack packages for RHEL and CentOS - Maintained Releases https://review.opendev.org/c/openstack/openstack-manuals/+/948426	12:09
opendevreview	Ivan Anfimov proposed openstack/openstack-manuals master: OpenStack packages for RHEL and CentOS - Maintained Releases https://review.opendev.org/c/openstack/openstack-manuals/+/948426	12:09
opendevreview	Francesco Di Nucci proposed openstack/openstack-manuals master: docs: rewrite CentOS guide for Stream 9 https://review.opendev.org/c/openstack/openstack-manuals/+/928128	12:43
cardoe	frickler: the reason I ask is cause I'm talking to the OpenStack Helm PTL about service accounts and credentials. Today they make an "ironic", "neutron", "nova" service accounts. Then configure ironic to use the "nova" one when talking to nova and the "neutron" when talking to neutron and the "ironic" when doing its own thing. Those "nova" and "neutron" ones are the SAME accounts that the nova and neutron service use.	14:17
cardoe	I'm trying to explain at the very least what should be done is that each service has its own service account and uses that same service account for all of its operations	14:18
cardoe	Cause this cross dependency matrix isn't good.	14:18
cardoe	He's asking me for a spec that promotes this.	14:18
cardoe	He's linked me to a few neutron and nova docs where they talk about using each other's credentials for access. e.g. in nova when it talks to neutron that you use the neutron account.	14:19
frickler	cardoe: well to me this is just common sense on how to reduce the attack surface/blast radius of possible compromises. I also don't know where such a spec would get hosted, maybe in the security guide?	14:21
fungi	we did have cross-project specifications, once upon a time, but those were later replaced by the goals framework	14:50
fungi	so i suppose we still have them, but we call them "goals" instead of "specs" now	14:50
fungi	writing a goal about projects using their own accounts and not getting credentials for the accounts belonging to other services sounds worthy of being a stated goal	14:51
fungi	er, i butchered that sentence, but you get my drift	14:51
frickler	well except afaict this is not about what projects themselves require (at least I very much hope so), but only about what deployment projects and install guides (suggest to) implement. can still be a goal, but with pretty restricted scope	15:20
fungi	yeah, deployment project specific, maybe with related guidance for other deployers in the opnstack security guide	15:21
gouthamr	tc-members: gentle reminder that we have the weekly IRC meeting here in ~58 mins	16:02
mnasiadka	cardoe: I’m pretty sure all deployment projects are in the same boat - we do what is required - would be nice to get a list which projects support a service persona and include deployment projects work in RBAC goal tracking	16:11
noonedeadpunk	++ to that ^	16:52
noonedeadpunk	we also add service role along with admin role for a while now. We can drop admin anytime whenever there is a clarity which service can live with only service role	16:53
frickler	the latter sounds orthogonal to the question which service (config) should have credentials for which account(s)	16:57
frickler	so maybe some document would be helpful already to just make sure people are all talking about the same thing?	16:58
gouthamr	~~ lets get into the meeting ~~~	17:00
gouthamr	#startmeeting tc	17:00
opendevmeet	Meeting started Tue Apr 29 17:00:32 2025 UTC and is due to finish in 60 minutes. The chair is gouthamr. Information about MeetBot at http://wiki.debian.org/MeetBot.	17:00
opendevmeet	Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.	17:00
opendevmeet	The meeting name has been set to 'tc'	17:00
gouthamr	Welcome to the weekly meeting of the OpenStack Technical Committee. A reminder that this meeting is held under the OpenInfra Code of Conduct available at https://openinfra.dev/legal/code-of-conduct.	17:00
gouthamr	Today's meeting agenda can be found at https://wiki.openstack.org/wiki/Meetings/TechnicalCommittee	17:00
gouthamr	#topic Roll Call	17:00
frickler	\o	17:01
spotz[m]	\o/	17:01
gmaan	o/	17:01
gouthamr	noted absence: g t e m a	17:01
gouthamr	courtesy ping: bauzas cardoe noonedeadpunk mnasiadka	17:03
bauzas	here	17:03
mnasiadka	o/	17:04
gouthamr	thank you all for joining, lets get started	17:05
gouthamr	#topic Last week's AIs	17:05
gouthamr	1) Skyline build reproducibility	17:05
gouthamr	the progress here has been s l o w	17:06
gouthamr	fungi and wu_wenixang__ confirmed that the core reviewers were on the ML and we stated that we'd prefer discussing the SBOM issue on the original ML post.. i'll bump it up this week	17:07
gouthamr	2) Grenade test job update/progress	17:07
gouthamr	gmaan: was there anything new that happened this week?	17:07
cardoe	o/	17:08
frickler	shouldn't that topic be finished for this cycle?	17:08
cardoe	Guess I should have come in quietly in the back.	17:08
fungi	yeah, i'm on a conference call right now but happy to talk about sbom stuff async later	17:08
frickler	cardoe: just sit down now ;)	17:09
* gouthamr hands cardoe the tardy slip :D		17:09
gmaan	sorry, for late response	17:09
gmaan	nothing news from me on grenade things	17:09
spotz[m]	Hey I've forgotten until the last 10 minutes so...:)	17:09
gmaan	but I think all grenade jobs are setup correctly. I will check heat/ironic/manila one today if anything needed	17:09
cardoe	So skyline is a bit similar IMHO to some of the other container bits I've wanted to bring up.	17:09
gouthamr	gmaan: ack, to recap: we made branch changes on grenade itself, and the test jobs we setup should automatically start testing E-->F, and SLURP jobs needn't run on master, temporarily	17:10
gouthamr	is that correct?	17:11
gmaan	gouthamr: yes, SLUPR can be run as voting or non voting but up to projects. by default i added to run as voting and project can opt it out if needed	17:11
gouthamr	++ thank you..	17:12
gmaan	continue running SLURP (N-2 -> N) upgrade helps to avoid or at least know what all breaking things coming up for next SLURP	17:12
gouthamr	ack	17:12
gouthamr	3) VMT resolution	17:13
gouthamr	#link https://review.opendev.org/c/openstack/governance/+/944817	17:13
gouthamr	last call for reviews on this one, there was a change posted last week which pushed out the merge timeline for it	17:13
gouthamr	so if you had a RC +1 prior, please do check the latest patchset.. if you've already done that, thank you :)	17:14
fungi	JayF: is the other regularly active vmt member who hasn't +1'd the latest patchset	17:14
gouthamr	ty, next AI is to begin working on the changes suggested.. starting with TC liaisons	17:15
gouthamr	bauzas indicated that he'd like to be a TC liaison, i can be one too.. in my copious free time :)	17:15
gouthamr	is there any other TC member that wants to be a liaison instead?	17:16
JayF	+1 in spirit 😄	17:16
spotz[m]	hehe	17:17
bauzas	bear with me ;-)	17:17
fungi	note that it should be sufficient to just document it somewhere (could even be in the liaisons wiki) so that vmt members know who to reach out to if we're having trouble getting anything from the project leaders	17:17
gouthamr	yeah, that's where i was thinking	17:18
fungi	doesn't need to be super formal, just need to know where we should look	17:18
gouthamr	okay, ty bauzas++ you're it, i'll update the wiki once the resolution merges.. we can chat about the rest of the changes here or in #openstack-security	17:20
gouthamr	4) Move PTG AIs to tracker	17:20
noonedeadpunk	o/	17:20
gouthamr	i'm a slacker here, some of them are there.. others, including unassigned ones don't figure here	17:21
gouthamr	will move them and bug folks appropriately..	17:21
gouthamr	5) Chat with ianychoi/seongsoo to clarify i18n team’s requests and concerns, chat with rosmaita about the openstack.weblate.cloud 's context/history	17:22
gouthamr	^ this is ongoing in private, unfortunately, because some payments etc are being discussed	17:22
gouthamr	but i can give you a summary: we identified the limits in the hosted weblate, and are exploring what options exist	17:23
gouthamr	do we pay more as we complete the migration, if yes, how much? (we = openinfra foundation)	17:24
gouthamr	who do we work with to get any unadvertised offers to reduce said payment	17:24
gouthamr	in parallel, i18n SIG members are looking to reduce "source strings" that count towards this limit - on how/why, we'll need to pick their brains on the subject	17:26
noonedeadpunk	that would be really nice to figure out sooner then later	17:26
noonedeadpunk	as we are already doing transition for a while and it feels that we're running out of time overall	17:26
spotz[m]	Speaking of translation, docs has an issue to add tags in. I've been holding off on it as I know there have been concerns with the team not being able to keep up. And I don't mean that in a bad way but can't think of better wording for more tags then translations	17:27
gouthamr	true, i can press on this need.. from what i know, the SIG lacks members, so if you are willing to help, or know anyone that is, it might help spread the load!	17:27
noonedeadpunk	(not saying that some things would be nice to add for translation, but we don;t to reduce amount of things to migrate)	17:27
gouthamr	spotz[m]: oh, what tags?	17:27
spotz[m]	Let me look I was trying to keep those as unread	17:28
gouthamr	ty	17:28
gouthamr	alright, that's all the AIs i was tracking	17:29
gouthamr	does anyone else have any?	17:29
spotz[m]	This might be it https://review.opendev.org/c/openstack/openstack-manuals/+/947059?usp=email	17:29
spotz[m]	No I thought it was .po files this is .py	17:30
spotz[m]	Still looking	17:30
gouthamr	okay..	17:30
gouthamr	#topic Affiliation changes	17:30
gouthamr	gmaan: i'll put you on the spot for an announcement	17:30
gmaan	yeah	17:31
gmaan	I would like to share about my affiliation change. I joined Redhat yeaterday.	17:31
spotz[m]	Maybe I imagined it:)	17:31
frickler	spotz[m]: were you referring to https://review.opendev.org/c/openstack/openstack-manuals/+/947180 vs. https://review.opendev.org/c/openstack/openstack-manuals/+/947256 ?	17:32
frickler	gmaan: congrats	17:32
gmaan	as we have org diversity requirement, I would like gouthamr to check those and let me know next step if any change needed for my term	17:32
spotz[m]	frickler: you rock, yes!	17:33
gouthamr	gmaan: congratulations and welcome to Red Hat, you broke the internet with the nick and email changes at the same time :D	17:33
gmaan	frickler: thanks	17:33
fungi	i want to say as of the last tc election there could have been one more rh employee without exceeding 50%, but good to double-check that	17:33
gouthamr	fortunately, no.. we are still in compliance with the TC's diversity requirement	17:33
gmaan	yeah, as I changed my email id so though of changing the irc nick etc. but sorry for breaking the scripts. I thought changing primary email in gerrit will work fine	17:34
spotz[m]	Welcome gmaan	17:34
gmaan	spotz[m]: thanks	17:34
gmaan	hope all fixed now.	17:34
gmaan	oh no, this still not merged	17:34
gmaan	#link https://review.opendev.org/c/openstack/governance/+/948354	17:34
gmaan	after this release tooling will be fine	17:35
gouthamr	bauzas, spotz[m], gmaan and myself are affiliated with Red Hat; and that's 44.4% of the TC	17:35
frickler	gmaan: you still need to switch to a new .com domain ;)	17:36
gouthamr	or maybe .ai	17:36
spotz[m]	I thought .ai was going away?	17:36
gmaan	frickler: I just subscribed to old one 1 week before so I will continue that for a year and see if I can get new one :)	17:37
gouthamr	:P jokes aside	17:37
gmaan	do not want to waste my $40 :P	17:37
gouthamr	a gentle reminder to everyone to please keep their affiliation data on OIF Foundation profiles up to date	17:38
gouthamr	you'd probably also update x/stackalytics if you care to..	17:39
gouthamr	that's all there was to $topic	17:39
fungi	affiliation changes in the openinfra foundation profiles should get picked up automatically by openstack.biterg.io (though it's down at the moment due to an intersection of scheduled maintenance and mass power outages in spain)	17:40
gouthamr	#topic Activity of SIG groups	17:40
gouthamr	ack fungi	17:40
gouthamr	noonedeadpunk: you added this topic, and seeded a couple of questions to the meeting:	17:40
gouthamr	1) How do we track if SIG is active or not	17:41
gouthamr	2) How we can enable interested people to get into SIG to continue maintenance if SIG is inactive	17:41
gouthamr	was this motivated by any examples?	17:41
gouthamr	#link https://governance.openstack.org/sigs/	17:41
noonedeadpunk	ah, yes, I did last week	17:41
frickler	iiuc the ansible sig?	17:41
noonedeadpunk	So eventually the folk came to osa channel seeking for help with ansible-collections-openstack sig	17:42
noonedeadpunk	yes	17:42
gouthamr	ah, you were trying to reach sshnaidm	17:42
noonedeadpunk	well, not specifically	17:42
noonedeadpunk	so the thing is that there quite some contributions coming to the repo	17:42
noonedeadpunk	but really no review activity	17:42
fungi	i've gotten recent questions about whether the scientific sig is still active too	17:42
noonedeadpunk	with that - there's no really established proicess of adding new members to the sig	17:43
gouthamr	very much, i think :) were you able to direct the enquiries, fungi?	17:43
gouthamr	noonedeadpunk: yes	17:43
fungi	i pointed folks to the list of chairs for the sig, but i think they're all (or almost all) gone from the community now	17:43
noonedeadpunk	so even if there're interested parties to step in with maintenance - they don't have much chance	17:43
fungi	yeah, that's the problem with sigs going inactive is the chairs are the only points of contact in many cases, and once they're gone it's unclear how newcomers can get involvd	17:44
gouthamr	fungi: i pleasantly discovered that the scientific SIG was celebrating its 10th anniversary and is quite active, except they're not like an openstack project team and don't talk a ton on OFTC	17:44
noonedeadpunk	yeah, right	17:44
gouthamr	fungi: here's their Slack: https://join.slack.com/t/os-scientific-sig/shared_invite/zt-34akzhxia-J4DDSoGY0wLnh9aoNxqqlA	17:44
fungi	oh cool, thanks!	17:45
bauzas	ya the main issue is that they don't use IRC	17:45
fungi	i'll pass that along	17:45
bauzas	again a slack issue	17:45
opendevreview	Merged openstack/governance master: Updating Ghanshyam email/irc name https://review.opendev.org/c/openstack/governance/+/948354	17:45
fungi	there was also discussion about whether we can get the scientific sig and large-scale sig connected to one another, since there seems to be some overlap in interests for the hpc space in particular	17:45
* gouthamr imagines that headshake		17:45
fungi	(hpc now being considered synonymous with ai)	17:46
noonedeadpunk	but I wonder if ansible sig is a little bit more unique in terms of having a deliverable	17:46
fungi	the tact sig has a lot of git repos, the security sig has some too	17:47
noonedeadpunk	ok, yes, right	17:47
spotz[m]	They were one of the groups Julia refered to from conversations at OpenInfra Days NA	17:47
gmaan	in past, we used to check SIG meeting happening or not but that should not be the criteria to consider them as inactive	17:47
fungi	the packaging sig did" i don't know whether they still do though	17:47
gouthamr	fungi: sometimes, foundation staff - like yourself/ttx/helena/aprice/diablo_rojo/jimmymcarthur seem to know how to find people.. but, its an unsustainable way to connect with people, i agree	17:47
noonedeadpunk	I think the main pain point - if how to get new members onboarded if chair is not active more or less	17:48
gouthamr	noonedeadpunk: we have a list: https://governance.openstack.org/tc/reference/sig-repos.html	17:48
gmaan	I see 'k8s' 'Hardware Vendor' 'First contact' 'cloud research' 'automation' and maybe few more have no activities?	17:48
fungi	yeah, people were asking other foundation staff members about the scientific sig, and they asked me	17:48
noonedeadpunk	https://opendev.org/openstack/ansible-plugin-container-connection this looks completely abandoned	17:49
noonedeadpunk	but also it looks like osa related under ansible sig....	17:49
spotz[m]	I'll also say we're about to announce RDO Epoxy, but we desperately need packagers if there is going to be a Flamingo	17:49
spotz[m]	Or I should say RPMs	17:50
gmaan	I think we should initiate the separate email about each SIG which we do not find activity or no response from listed chairs.	17:50
mnasiadka	Well, Scientific SIG is alive - if there’s any need for relaying information - I can help. But I agree we should have some process in place for having a responsive chair or current contact details.	17:50
gmaan	that at least can refresh the chair list if SIG still needed or to more moved to 'advisory' or 'completed' status	17:51
fungi	spotz[m]: i thought rdo had said they were moving to just slurp releases?	17:51
spotz[m]	The 2 engineers who were packaging moved to new roles:( We've talked about it in meetings but no one but us went to them	17:52
gouthamr	so teh questions remain, i think it'd be useful if there was a proposal	17:52
noonedeadpunk	I can recall Neil saying smth about help, but not sure	17:52
spotz[m]	He came to one meeting	17:53
gouthamr	noonedeadpunk: have you had any thoughts around changing the situation and answering the two questions you posed?	17:53
noonedeadpunk	no, not really. Pretty much the reason I raised as I had lack of good ideas	17:53
noonedeadpunk	And I'd say I was trying to think about these for some time now	17:53
mnasiadka	Kolla basically uses only a couple of packages from RDO build deps - I can check which ones… if RDO is going to disappear…	17:54
noonedeadpunk	osa uses a whole distro path based on rdo fwiw	17:54
gouthamr	okay, that looks like a tangent that we shouldn't go into..	17:54
gouthamr	i mean, please discuss RDO challenges as a separate topic for next week if you'd like	17:55
noonedeadpunk	++	17:55
fungi	though osa and kolla also support other distros, if sticking with a particular deployment tool is more important to users than sticking with a particular distro	17:55
spotz[m]	We can talk afte	17:55
noonedeadpunk	so I guess I wanted to raise that and gather opinions on possible solutions	17:55
noonedeadpunk	I can do a writing part and combine thoughts together	17:55
gouthamr	we could try to update stale info, to begin with	17:55
noonedeadpunk	but I struggle to find solution on myself, so was hoping on some collaborative effort :)	17:56
gouthamr	and probably add links if they're missing on "how do i join this SIG"	17:56
gouthamr	its a big problem that we can chip away in small pieces	17:56
spotz[m]	Could do quarterly updates, or updates when we have elections?	17:57
noonedeadpunk	what is more tricky, is that not each sig are equal somehow	17:57
noonedeadpunk	as one do have deliverables, while others do not	17:58
gouthamr	spotz[m]: yes, and probably an initial push now to fix stale info.. if it helps, we can have folks join TC meetings with short updates: "Meet SIG X, and know their updates"	17:58
gmaan	yeah but having active and up to dated list of chairs is helpful	17:58
noonedeadpunk	indeed	17:58
bauzas	agreed	17:58
noonedeadpunk	but how chairs are assigned?	17:58
gouthamr	++ lets work on that part first; ty for bringing this concern, noonedeadpunk	17:58
noonedeadpunk	as they are not taking part in elections?	17:58
noonedeadpunk	so maybe we need to add SIG chair to elections?	17:59
gmaan	who ever volunteer is added in that list	17:59
noonedeadpunk	which would highlight a) activity b) if it's relevant?	17:59
gouthamr	no, https://governance.openstack.org/tc/reference/comparison-of-official-group-structures.html	17:59
fungi	at least in the sigs i'm involved in, anyone who wants to volunteer to be a chair can. i'm the sole chair of two sigs right now and have repeatedly stated for years that i's appreciate volunteers to help or relieve me entirely	17:59
gmaan	it is more of up to SIG members to agree on the chair	17:59
spotz[m]	No but we ask the SiGs and WG for ATC suggestions, admitedly we've been bad on that for years	17:59
spotz[m]	We used to send thm to TOm if that answers how bad we've been:)	18:00
gmaan	like we do for DPL, having a reset and checks for up to dated list is no harm	18:00
gouthamr	i wouldn't put the process of elections on short/long term groups like this	18:00
gmaan	yeah. election are not needed as such	18:00
noonedeadpunk	`which are not directly responsible for producing components of the “OpenStack” software release` -> does ansible SIG really goes under this criteria specifically?	18:00
gouthamr	"SIGs can own git repositories and produce software, but that software will be considered add-on software to the main “OpenStack” software releases. "	18:01
gmaan	and 'reset' can be just check them via email, irc etc	18:01
bauzas	time check, I need to leave	18:01
gouthamr	yes	18:01
gouthamr	we're a bit over, apologies	18:01
gouthamr	let's end this meeting here	18:01
fungi	are the repositories that the ansible sig manages official deliverables of openstack? shouldn't be possible governance wise	18:01
noonedeadpunk	yeah, right, sorry :)	18:01
gouthamr	sorry, but some topics will be pushed to next week	18:02
gouthamr	which is a Video+IRC meeting	18:02
gouthamr	i'll share details as usual	18:02
gouthamr	anything else to add to the minutes today?	18:02
noonedeadpunk	fungi: it's where things get nasty	18:02
noonedeadpunk	I'll add after the end:)	18:02
gouthamr	thanks everyone	18:03
gouthamr	#endmeeting	18:03
opendevmeet	Meeting ended Tue Apr 29 18:03:24 2025 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)	18:03
opendevmeet	Minutes: https://meetings.opendev.org/meetings/tc/2025/tc.2025-04-29-17.00.html	18:03
opendevmeet	Minutes (text): https://meetings.opendev.org/meetings/tc/2025/tc.2025-04-29-17.00.txt	18:03
opendevmeet	Log: https://meetings.opendev.org/meetings/tc/2025/tc.2025-04-29-17.00.log.html	18:03
gouthamr	noonedeadpunk: continue please :)	18:03
fungi	i won't be around for next week's meeting (work travel), but can try to catch up in irc if there are questions for me	18:03
noonedeadpunk	fungi: so it was made as a sig to avod licensing issues	18:03
gouthamr	fungi: ack	18:03
fungi	https://opendev.org/openstack/governance/src/branch/master/reference/sigs-repos.yaml#L3-L5 lists two repos	18:04
noonedeadpunk	as there were concerns that importing GPL3 code into modules, which is required to produce ansible module, requires to be licensed with GPL as well	18:04
fungi	in theory those are openstack community managed resources, not official openstack deliverables	18:04
noonedeadpunk	so it was made aside just to not cause any troubles with that	18:04
noonedeadpunk	openstack/ansible-plugin-container-connection - we should drop this one, imo	18:04
noonedeadpunk	I have very little idea how it happened to be there...	18:05
clarkb	and the other is part of ansible + openstack integration which isn't part of the opensdtack release as far as i Know	18:05
noonedeadpunk	it's not part of the release	18:05
noonedeadpunk	but it's very related to the versions of sdk	18:06
fungi	yeah, it's client tooling essentially, for people who want to manage openstack resources with ansible playbooks	18:06
noonedeadpunk	and very dependant on them	18:06
noonedeadpunk	but so is CLI and SDK?	18:06
clarkb	sure but thats no different than opesntack being dependent on python	18:06
clarkb	you can depend on things and not be part of their release	18:06
noonedeadpunk	as openstack are APIs and CLI is a convenience	18:06
fungi	cli and sdk are openstack deliverables maintained by an official project team	18:07
noonedeadpunk	I know. and that is pretty much the point, that in their core - they are kinda alike	18:07
fungi	anyone can write software that talks to openstack and host it wherever they like. in this case it's done in the context of an openstack sig, but it could just as well be some random maintainer(s) on github	18:07
fungi	not all software that interacts with openstack needs to be officially governed by an openstack project team and participate in the coordinated release	18:08
noonedeadpunk	um, but should not be this a protected trademark? https://galaxy.ansible.com/ui/namespaces/openstack/	18:08
noonedeadpunk	as it's owned by ex sig chair	18:09
noonedeadpunk	afaik	18:09
clarkb	I'm not an IP lawyer but my understanding is you can use non stylized names to accurately refer to things	18:09
fungi	https://www.openstack.org/brand/	18:09
fungi	the "Community Organizers & Non-Commercial Use" section is probably relevant	18:09
clarkb	if you provide tooling to communicate to or integrate with openstack using the term openstack is probably fine in that content. But you can't use the logo or stylized version of the name. But also ^ there are guidelines and I'm not a lawyer	18:10
noonedeadpunk	ok, so basically your solution for non-active sig or absent reviews is to fork the repo?	18:10
fungi	the tc (formerly the meta-sig which was comprised of tc+uc members before the uc was folded into the tc) governs all sigs, and can reassign access to any of those resources	18:11
noonedeadpunk	yes, right, so pretty much I wanted to see if it's possible to establish some process which seems to be missing now	18:11
gouthamr	yeah, my preference would be to re-staff the said SIG if there's interest	18:12
fungi	if someone wanted to take over maintenance of the openstack/ansible-collections-openstack repo and the tc decided that it was basically abandoned or mismanaged, then they could choose to amend or replace the list of maintainers with new volunteers	18:12
spotz[m]	Staff the meta-sig?	18:12
fungi	staff the ansible sig, i think	18:12
spotz[m]	Ahh	18:12
noonedeadpunk	to asses and be able to have some sort of criteria when a flag needs to be raised	18:13
fungi	sounds like a great idea to me	18:13
noonedeadpunk	But also, IMO TF, CLI, SDK, Ansible modules are having huge value for OpenStack	18:13
noonedeadpunk	As that tends to be a good selling point, on the contrary to developing in-house or forked solution	18:14
fungi	what is tf?	18:14
noonedeadpunk	that you will loose all that amazing compatability and community tools	18:14
noonedeadpunk	openbao :)	18:14
noonedeadpunk	brrrr	18:14
gouthamr	ah famously abbreviated as "TF" :D	18:15
noonedeadpunk	opentofu	18:15
noonedeadpunk	yes, it is :D	18:15
clarkb	sure, but there are two common issues there: 1) is people who want to write plugins for that are often more aligned to those tools than to the thing they are writing a plugin for and 2) licensing	18:15
clarkb	I don't think we should demand it either way and do what works best for the particular ecosystem	18:15
fungi	openbao seems to be a fork of hashicorp vault	18:15
clarkb	fungi: teraform is tf which got forked to opentofu	18:15
noonedeadpunk	fungi: yeah, sorry, I was just dealing with it so mixed things up, meant opentofu	18:16
fungi	aha, opentofu==terraform	18:16
fungi	okay, so you're saying some community management of a blessed set of terraform/opentofu modules would be helpful to have?	18:17
noonedeadpunk	if I'm not mistaken, gtema was involved in that at some point	18:17
fungi	and yeah, it seems like in general we've seen that people who want to do e.g. terraform support for openstack would rather manage those resources in the communities and infrastructure that the terraform community uses rather than within the openstack community governance and development infrastructure	18:18
noonedeadpunk	I guess what I meant that it's in project best interest to do everything possible for such toolings to succeed	18:18
fungi	helping them succeed doesn't necessarily mean taking control of and governing them	18:19
noonedeadpunk	Well, Ansible comminity goes in different direction and tries to push responsibility for modules and plugins to projects which they are for	18:19
noonedeadpunk	and that what happened in ansible 2.10? when this sig was established, when openstack modules were dropped from core...	18:20
noonedeadpunk	anyway	18:20
clarkb	right I think its ok for ansible dev to happen within openstack if that is what people prefer and tf/opentofu def to happen with tf/opentofu if that is what they prefer	18:21
fungi	i thought there was an ansible community that hosted non-core resources collectively	18:21
clarkb	its about meeting the tools and communities where they want to be and not about openstack having one method for everything	18:21
clarkb	then additionally there may be licensing concerns	18:22
noonedeadpunk	fungi: so pretty much ansible.community is bunch of stuff that was dropped from the core and not claimed by anyone. And it's barely maintained at the moment from what I've heard	18:22
fungi	yeah, sigs seem fine for that. the people maintaining those resources can do it in a way that's affiliated with openstack and hosted in the same development systems but not governed by the rigor or limits of official project teams	18:22
clarkb	liek I personally don't think openstack should be on the hook for integration with proprietary tooling. That is typically pushed onto the proprietary system devs (and is something that I think has largely worked over time)	18:22
fungi	it sounds like the problem in this specific case is that the people who had previously been interested in managing that repository disappeared and didn't leave any succession plan to hand off maintenance to someone else	18:24
noonedeadpunk	ok, sorry, I somehow struggle to understand where this discussion is going to. As eventually a person came in and flagged that they have no point of contact and don't know what to do to get their bug fix reviewed	18:24
noonedeadpunk	fungi: exactly	18:24
noonedeadpunk	but my guess is that situation is not unique overall	18:25
fungi	the openstack tc is the point of contact of last resort, and has the authority to take or delegate control to whoever they like	18:25
clarkb	oh I thought you were saying someone started maintaining a fork (hence the trademark question)	18:25
noonedeadpunk	no, not really	18:25
clarkb	and I was trying to say I think that is ok if htat is what makes sense for that community	18:25
noonedeadpunk	it's more that this namespace is under sig, but access to used to be personalized by ex sig chair that is not active anymore	18:26
noonedeadpunk	but yes, again, tc probably has authority, but we have no clue how and more imporantly when to excersice it	18:28
noonedeadpunk	which is where I was coming from :)	18:28
fungi	makes sense, and it's up to the tc members collectively to decide the how and when	18:29
noonedeadpunk	right	18:29
noonedeadpunk	but all my ideas were too rtestricitve to be applied to sigs	18:29
JayF	gmaan: congratulations on the new role	18:30
gmaan	JayF: thanks	18:31
fungi	noonedeadpunk: could be something as basic as proposing a governance-sigs change to update the chairs to new volunteers and asking the tc to vote on that review	18:31
gouthamr	yeah	18:32
mnasiadka	Well, that’s the fastest path to get it tidied up.	18:33
fungi	one of the hallmarks of the sig model was that it was intended to be simple and low-maintenance with as little bureaucracy as possible	18:33
gouthamr	a good first step; and then follow that up with the improvment you wanted: how does one join	18:33
fungi	once the chairs are updated, i'm happy to use gerrit admin perms to add the new chairs to the corresponding groups for access	18:34
gouthamr	my thought is akin to the community goal we all did at one point to create a "So you want to contribute" page.. we could drive all SIGs to have a one pager _somewhere_ which lists info on how to join/help	18:35
clarkb	at a higher level I think we (openstack) should maybe be more explicit that the broader community intends on maintaining software as long as their is interest and inactive maintainers may be supplemented by new interest parties	18:35
gouthamr	we are	18:35
clarkb	ya I think this has been the case through action but it may not be apparent to say newer groups like skyline that if tehy stop maintaining things in six months that if someone shows up 3 months after that they are tag you're it now	18:36
gouthamr	ah, are you thinking spell it out in the TC charter?	18:36
gouthamr	or the project team guide?	18:37
clarkb	probably more the project team guide	18:37
clarkb	fundamentally we're all stewards of community assets for lack of a better term. And intend on perpetuating that situation (I'm speaking for my self here but I Think the community has acted in this way over time too)	18:38
gouthamr	agreed	18:38
gouthamr	in https://docs.openstack.org/project-team-guide/repository.html perhaps?	18:39
clarkb	https://docs.openstack.org/project-team-guide/open-development.html or here? basically call out that there are ptls and core reviewers but they are stewards? I dunno it may also be overkill	18:41
clarkb	I think in most situation this has come up people are grateful someone else is stepping in and happy for it	18:41
mnasiadka	One thing is a mention how you can step up or calm out that a project/repo lacks maintainers - second thing SIG is not really a project team (so maybe doesn’t fit in project teams guide)	18:44
mnasiadka	Err, *call out	18:44
mnasiadka	Coming back to Ansible SIG - for me it’s sort of an important deliverable (like openstacksdk) but for people using Ansible - having that namespace not under OpenStack control reminds me of that pypi projects ownership problem	18:46
JayF	It's also worth noting we do have some openstack applications -- like bifrost -- which use ansible	18:47
JayF	https://opendev.org/openstack/bifrost/src/branch/master/ansible-collections-requirements.yml	18:48
mnasiadka	Kolla-Ansible also uses this collection, OSA probably as well	18:53
fungi	mnasiadka: it's in the openstack/ git namespace on opendev, so under openstack (tc) control	18:53
fungi	it's attributed to a sig rather than being an official deliverable, and the story behind that choice seems to mainly be an attempt to satisfy https://governance.openstack.org/tc/reference/licensing.html	18:55
clarkb	fungi: I think they are referring to the namespace on ansible galaxy (but yes confusing)	18:56
fungi	oh, got it	18:56
mnasiadka	Ah right, Ansible and GPL3 requirements - https://docs.ansible.com/ansible/latest/community/collection_contributors/collection_requirements.html#collection-licensing-requirements	18:59
fungi	an alternative would be to amend the tc licensing guidelines to include an exception for client integration tooling or some such	19:01
fungi	though i think that would involve a chat with the board and/or foundation legal to confirm (it did in the past anyway)	19:02
fungi	for example, back when there was still an infrastructure team and zuul added its ansible launcher, it needed to start shipping some (non-linked, so not an apache license conflict) gpl3 modules. that's when the "Projects run as part of the OpenStack Infrastructure" exception was approved	19:07
fungi	spotz[m]: https://review.opendev.org/c/openstack/project-config/+/948033 is probably relevant to the earlier rdo discussion too	19:36
noonedeadpunk	I'm actually not 100% about original assesment of GPL3	20:12
noonedeadpunk	As importing of GPL3 code likely does not lead consequence of licensing your code as GPL3	20:12
noonedeadpunk	Ie ansible-lint, molecule and some other tooling in the ecosystem are distributed with MIT	20:12
noonedeadpunk	But it really needs lawyer view	20:13
noonedeadpunk	Maybe our new LF friends can help us out clarifying this thing...	20:13
noonedeadpunk	Also each time I poked Ansible community managers or product managers from RH - they were not sure in that either	20:17
opendevreview	Goutham Pacha Ravi proposed openstack/project-team-guide master: Add notes on reviving projects/deliverables https://review.opendev.org/c/openstack/project-team-guide/+/948484	20:18
noonedeadpunk	As I think important difference, is that we do not re-distribute the original code, we import it from it's origin. But again - not a lawyer	20:18
clarkb	noonedeadpunk: MIT is not viral. GPL is	20:36
clarkb	it depends entirely on the license and in many cases interpretation as there are all sorts of exceptions	20:37
clarkb	for example mysql has an exception	20:37
fungi	well, also mit/expat and gpl3 are compatible licenses anyway. linking exceptions are generally used to remove certain privisions of a license under specific uses, for example to address license incompatibilities	20:44
fungi	the current mysql example is at https://oss.oracle.com/licenses/universal-foss-exception/	20:46
gtema	for those still reading on the ansible-collections-openstack: I would be strongly against TC simply setting other people as cores. Historically there were no people staying with Ansible for the long term (except very few cases). Every time someone new appears and claims to have interest that interest disappears after the change (or 2) has been merged. There are way to many corner cases in the Ansible world which those pass-by people have no	21:00
gtema	idea of. This is not the way to handle the situation	21:00
fungi	so instead the tc should declare it abandoned and retire it?	21:01
JayF	gtema: you basically want to treat it like we would a project team instead of a sig, which is super reasonable given we use the libraries in the same way we would a project	21:02
fungi	sounds like you're suggesting that it's untenable and we should give up any hope of hosting it in the openstack community	21:02
JayF	it sounds like if this were held to a project team standard, it'd be "inactice"?	21:02
JayF	**inactive	21:02
gtema	it is not abandoned. When I am pinged I am trying to spend time there. It just that I have no free time (nor direct interest anymore) to keep it on the radar permanenty.	21:03
gtema	Honestly I also have an idea of redoing modules following the openapi work - generating all the modules automatically	21:03
fungi	oh, then you are a (and perhaps the only) maintainer, so it's at least somewhat maintained	21:03
fungi	noonedeadpunk made it sound like nobody with access to it was involved any more	21:04
gtema	yes, it is indeed somewhat maintained	21:04
gtema	that is not very corect	21:04
gtema	cardoe recently started pushing changes which I was reviewing so if he would be having more interest in spending some more time - welcome	21:05
cardoe	I think it'd be great if all the modules were auto generated.	21:05
fungi	maybe you'd be okay being the chair for the ansible sig, more so if it became just the ansible collections sig?	21:05
cardoe	I'm trying to fix up some keystone usage but it's honestly just a short term fix for me as we move to a Kubernetes operator.	21:05
gtema	sure, it is just that my other point was perhaps to investigate using Rust in ansible modules, since Ansible is just terribly slow	21:06
gtema	otherwise the problem with the auto-generation is that you can only generate it when your underlaying SDK is also completely auto-generated. Otherwise you do not have 100% standardized interface	21:07
fungi	ansible modules can just be thin python wrappers around compiled binaries in any language can't they?	21:07
gtema	the alternative was to get rid of openstacksdk (except of maybe config reading) and just generate it purely to use API directly	21:07
gtema	fungi - technically yes.	21:08
cardoe	well openstacksdk is a bit inconsistent as well some stuff uses the service proxies and some doesn't	21:08
gtema	but you need to have a way of ensuring the binary is installed on the target	21:08
gtema	I had a plan to more or less exactly wrap usage of rust cli by ansible - just never got time to work also on that - too many open things	21:08
gtema	cardoe - that is exactly where I stopped playing with the idea of generating ansible modules relying on openstacksdk	21:09
JayF	What do you mean 'service proxies' in this context?	21:13
gtema	for every service there is a dedicated proxy in sdk and those are not 100% following same rules (mostly because openstack services are not following same rules) - as such you have a bit mixed interface between services that is not consistent	21:15
gtema	microversion handling is another beast in the Ansible module context	21:16
JayF	Ah, okay. Implementation detail thing :)	21:18
* JayF was afraid Ironic was missing a thing		21:18
gtema	bit more than that. cli is more or less just exiting informing the user that what he requests is not possible with the MV supported by the cloud potentially leaving ways to influence which MV to use. In Ansible (since this is a strongly non-interactive invocation) there is no way for that	21:19
gtema	microversions are evil, they should have never existed	21:20
JayF	I disagree, but I'm a grumpy operator who appreciates we don't break old stuff and not an API designer or SDK developer :)	21:21
gtema	you break, you just do not know about that. When parameter type is changed with MV it is not acceptable, but this is the reality	21:21
JayF	I would be surprised if we have anything (at least recently) in Ironic that's inconsistent in the same version. We have tried /really hard/ to enforce it even for mild changes	21:22
gtema	I was never good at ironic microversions, I am mostly talking about nova MVs	21:23
* JayF waits for the laundry list of sins to come out ;)		21:23
gouthamr	microversions is under the statute of limitations	21:24
gtema	for sdk/cli maintainer those are insane and only make life more complex than it should be	21:25
JayF	gouthamr: the only way to fix API sins is to commit more API sins ;)	21:26
gouthamr	consistency!	21:26
opendevreview	Goutham Pacha Ravi proposed openstack/project-team-guide master: Add notes on reviving projects/deliverables https://review.opendev.org/c/openstack/project-team-guide/+/948484	22:07
spotz[m]	<fungi> "spotz: https://review.opendev...." <- Yeah on that already	22:26
opendevreview	Ian Y. Choi proposed openstack/election master: Add configuration for 2026.1/"G" elections https://review.opendev.org/c/openstack/election/+/948494	22:27

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!